{"id":"CVE-2023-41419","details":"An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.","aliases":["GHSA-x7m3-jprg-wc5g","PYSEC-2023-177"],"modified":"2026-04-10T05:03:48.306472Z","published":"2023-09-25T12:15:11.210Z","related":["ALSA-2024:8834","CGA-57vg-j7qj-p9v9","SUSE-SU-2023:3975-1","SUSE-SU-2023:4009-1","SUSE-SU-2023:4091-1","openSUSE-SU-2024:13254-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/11/msg00020.html"},{"type":"REPORT","url":"https://github.com/gevent/gevent/issues/1989"},{"type":"FIX","url":"https://github.com/gevent/gevent/commit/2f53c851eaf926767fbac62385615efd4886221c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gevent/gevent","events":[{"introduced":"0"},{"fixed":"693181e8e109f1a91d1783cb06c758329553fc72"},{"fixed":"2f53c851eaf926767fbac62385615efd4886221c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"23.9.0"}]}}],"versions":["0.10.0","0.11.0","0.11.1","0.11.2","0.12.0","0.12.0-preview","0.12.0-preview-2","0.12.1","0.12.2","0.13.0","0.13.0-beta1","0.13.0b2","0.13.1","0.13.1b1","0.13.1b2","0.9.0","0.9.1","0.9.2","0.9.3","1.0","1.0a1","1.0a2","1.0a3","1.0b1","1.0b2","1.0b3","1.0b4","1.0rc1","1.0rc2","1.0rc3","1.2.0","1.2.1","1.2.2","1.3.0","1.3.1","1.3.2","1.3.2.post0","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3a1","1.3a2","1.3b1","1.3b2","1.4.0","1.5a1","1.5a2","1.5a3","1.5a4","20.04.0","20.12.0","20.12.1","20.5.0","20.5.1","20.5.2","20.6.0","20.6.1","20.9.0","21.1.0","21.1.1","21.1.2","21.12.0","21.8.0","22.08.0","22.10.1","22.10.2","23.7.0","v1.1.0","v1.1a1","v1.1a2","v1.1b1","v1.1b2","v1.1b3","v1.1b4","v1.1b5","v1.1b6","v1.1rc1","v1.1rc2","v1.1rc3","v1.2a1","v1.2a2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41419.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}